Privacy Policy

Introduction

This privacy statement defines the security requirements for td:wrk. It is about protecting users from security threats and protecting integrity, privacy and business results.

 

The security of our customers’ data is very important to us. We do not sell or rent personal data. All data is collected, stored or otherwise processed in accordance with the EU Data Protection Regulation. 

 

However, the services offered by td:wrk can only function if we collect and store certain personal data. 

 

Scope

This statement applies to all employees of sofistiq and third-party providers. Compliance with these guidelines is mandatory.

 

Definition of Terms

“Personal data”: Details, that is, information about the personal or factual circumstances of a specific or identifiable living natural person (the person concerned). This covers any information that says something about the person or is laid down by laws, regulations or otherwise. A person can be identified directly or indirectly by any identification number or other specific factors.

 

Terms similar to “personal data”, such as “personal information” or “private information”, are considered synonymous. “Customer information” or “subscriber information” is used when referring to information about subscribers.

 

“Survey data and results”: All data that users create and receive with td:wrk.

 

Security information (organisation)

 

The safety regulations are checked at scheduled intervals to ensure continuous effectiveness. As soon as new regulations arise, they will be adopted.

 

Human Resources security

sofistiq ensures that all employees with access to the td:wrk system and the information stored there (such as customer data) have signed a confidentiality agreement.

 

The identity and ability of the staff is verified.

 

To access internal resources from remote locations, users must have the necessary permissions.

 

Responsibilities

Data Officer:

  • Responsible for all aspects of the organization’s information security. 

  • Determines the access rights to resources in this area. 

 

Developer:

  • Responsible for security and the IT infrastructure.

  • Addresses security threats, vulnerabilities and risks. 

  • Implementation and maintenance of security policy documents. 

  • Ensures that the IT infrastructure complies with security policies.

  • Responds to information security incidents.

 

All Employees:

  • Must comply with and meet the requirements of the sofistiq security policy.

  • Report any kind of attempted security breaches. 

 

Operational reliability 

Losses, theft, damage, manipulation or other incidents in connection with IT assets that impair security must be reported to the data controller as quickly as possible. 

 

Relationship with subcontractors

Subcontractors who come into contact with td:wrk must sign the same confidentiality agreements and are subject to the same checks as employees.

 

Continuous improvement 

sofistiq has high-class technical procedures in place to ensure that everything we do for td:wrk can keep up with the latest security regulations.

sofistiq implements new updates and versions of td:wrk as far as this is considered appropriate and reasonable.

 

Engineering practices:

 

  • Use of known frameworks to protect against common attack vectors (XSS, CSRF, SQL Injection).

  • Response plans are followed to react quickly to incidents. 

  • Continuous checks to keep libraries up to date.

  • Continuous testing.

  • Continuous improvement process, especially with regard to safety issues.

  • Code is repeatedly checked in order to find errors and security holes at an early stage.

  • Passwords are always stored in password safes or as a configuration.

 

 

Business continuity 

sofistiq has the right to provide service and updates without prior notice. We intend to inform the customer before updating or maintaining the application. 

 

Physical and environmental safety

td:wrk is a SaaS (Software as a Service) and therefore we host the service and the data ourselves. There is no on-site solution available. 

 

Office

Physical access to the offices of sofistiq is restricted to employees individually and on a need-to-have basis.

 

Data centres

sofistiq works with Microsoft for data storage. The service provider’s infrastructure is hosted and managed in secure data centers of Microsoft and uses the Microsoft Azure technology. Microsoft continuously manages risks and undergoes periodic assessments to ensure compliance with industry standards.

 

Geographical locations of sofistiq services

All services are hosted in Europe in the Netherlands. 

 

Data protection and data integrity 

The security of our customers’ data is very important to us and we invest a lot of time and effort to ensure that all data sent to sofistiq via td:wrk is handled securely. The management is responsible for ensuring data integrity and privacy.

 

sofistiq developers develop the system according to best practices and ensure maximum data security in all areas of the application. We use only recognized and highly secured third-party systems with appropriate security certificates and practices. Our employees are required to use 2-factor authentication for all systems. If an employment is terminated, we immediately revoke all accesses that the user had. Security measures are taken to protect user and user data.

 

sofistiq respects intellectual property rights and we will remove any content that infringes copyrights, trademarks, patents or other intellectual property rights upon notification by the customers or third parties. sofistiq stores personal data during the period of use of td:wrk. After expiration of the license the data will be stored for another three months. 

 

Customers may obtain information and copies of the data stored by sofistiq at any time. Customers have the right to have their data corrected. In the case of justified reasons, customers have the right to request the deletion of the data. Customers have the right to demand the restriction of personal data processing. If the legal requirements are met, customers have the right to receive the data provided in a structured, machine-readable format and to transmit it to another person responsible (right of data transferability). Customers also have the right to object to the processing of data for reasons arising from their particular situation in the cases provided for by law. If personal data are processed in order to carry out direct advertising, customers can object to the processing for the purpose of such advertising in any case (right of objection).

 

Client data

We avoid storage of personal data that is not required.

 

Calling up the website:

  • No personal data is collected when customers visit the website.

  • We do not use cookies to store data.

 

Registration to use td:wrk:

  • In order to use the services of td:wrk and to work with this tool, customers need an account.

  • The following data is required:

      • Name

      • E-mail address

      • Password

 

Purposes of data processing

We process your data to provide our services, i.e. the use of td:wrk. We also process data to enforce legal claims or to prevent and clarify unauthorized activities and to ensure system security.

 

Access to customer data

 

sofistiq employees interact and do not access customer data during normal operation. There may be cases where this may be necessary, for example for support purposes or when required by law. 

 

Customer data is access controlled.

 

Data at rest 

sofistiq encrypts all data “at rest”.

sofistiq receives powerful and automatic protection from our database provider. Our database service provider supports the EU-U.S. Privacy Shield Framework.

sofistiq stores all personal and survey data on Microsoft Azure.

 

Data in transit

sofistiq uses standard SSL, i.e. “in-transit” data encryption, and is rated A by the third-party vendor SSL Labs.

The privacy and protection of customer communication and data is of the highest importance to sofistiq, which has technical and operational capabilities to ensure that.

We use standard SSL, i.e. encryption of data “in transit”.

 

User password

sofistiq cannot see user passwords and users can only reset them by email.

Passwords are stored encrypted.

 

Voter anonymity

Votes on the td:wrk voting page tdwrk.vote are anonymous. To prevent misuse, we do not store the voter’s IP address.


© sofistiq International GmbH & Co KG 2018